CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVE-2026-39981

AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safejoin function in the essentialabilities extension fails to validate that resolved file paths remain within the designated agent workspace. An authenticated attacker can use directory traversal sequences to read, write, or...

CVE-2026-39981

CVE-2026-39981 affects AGiXT (dynamic AI Agent Automation Platform). The vulnerability is in the safe_join() function of the essential_abilities extension, where path validation fails and allows directory traversal to read, write, or delete arbitrary files on the server. This requires authenticat...

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-26030 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-26030 Source advisory: OSV:PYSEC-2026-163...

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), agixt (>=1.1.76b0 <=1.3.71) +9 more potentially affected by CVE-2026-25592 via semantic-kernel (>=0.2.9.dev0 <=1.35.3)

semantic-kernel PYPI version =0.2.9.dev0, =1.0.0, =1.1.76b0, =1.1.0, =0.1.1, =0.1.0, =0.3.0, =1.2.0, =0.2.0, =0.0.1, =1.0.0, =1.0.9 Source cves: CVE-2026-25592 Source advisory: OSV:GHSA-2WW3-72RP-WPP4...

ac-solver (=0.1.0), adversarial-insight-ml (=0.1.0) +539 more potentially affected by CVE-2026-24747 via torch (>=2.0.0 <=2.0.1)

torch PYPI version =2.0.0, =0.0.2, =1.2.3, =0.2.2, =0.0.2, =0.0.0, =1.9.0, =0.0.3, =0.8.0, =0.1.0, =0.0.1, =1.9.0, =1.17.1 - aisee =0.1.0 and more Source cves: CVE-2026-24747 Source advisory: SNYK:PYTHON-TORCH-15123585...

afs2-datasource (>=3.8.0.0 <=3.8.2), afw (>=0.0.6 <=0.0.21) +281 more potentially affected by CVE-2024-21272 via mysql-connector-python (>=8.0.21 <=9.0.0)

mysql-connector-python PYPI version =8.0.21, =3.8.0.0, =0.0.6, =1.4.20, =0.0.1, =0.1.1, =0.3.0, =0.0.1, =1.0.0b1, =0.10.0, =2021.2.5, =1.0.1, =1.0.12, =1.1.15, =1.2.24 and more Source cves: CVE-2024-21272 Source advisory: OSV:GHSA-HGJP-83M4-H4FJ...

aad-fastapi-dl37 (>=1.0.0 <=1.0.2), acmen (=0.5.0) +402 more potentially affected by CVE-2023-38325 via cryptography (>=40.0.0 <=41.0.1)

cryptography PYPI version =40.0.0, =1.0.0, =0.0.1, =1.2.4, =0.0.12, =4.4.6, =2023.4.0b0, =2.0.0, =0.0.1, =0.2.0, =2.2.13, =3.0.1 and more Source cves: CVE-2023-38325 Source advisory: OSV:PYSEC-2023-112...

agixt (>=1.4.20 <=1.4.42), agxclick (>=0.1.36 <=0.4.1) +214 more potentially affected by CVE-2022-1941 via protobuf (>=4.0.0rc2 <=4.21.5)

protobuf PYPI version =4.0.0rc2, =1.4.20, =0.1.36, =0.9.1, =0.0.12, =0.4.0, =1.0.10, =1.0.0b1, =0.1.0, =0.1.2, =0.0.12, =0.2.6, =0.0.20, =0.8.0, =0.12.0 and more Source cves: CVE-2022-1941 Source advisory: OSV:GHSA-8GQ9-2X98-W8HF...